qemu.git
23 months agospapr: Fail CAS if option vector table cannot be parsed
Greg Kurz [Fri, 17 Jan 2020 09:15:52 +0000 (10:15 +0100)] 
spapr: Fail CAS if option vector table cannot be parsed

Most of the option vector helpers have assertions to check their
arguments aren't null. The guest can provide an arbitrary address
for the CAS structure that would result in such null arguments.
Fail CAS with H_PARAMETER and print a warning instead of aborting
QEMU.

Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <157925255250.397143.10855183619366882459.stgit@bahia.lan>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
23 months agotarget/ppc: Clarify the meaning of return values in kvm_handle_debug
Fabiano Rosas [Fri, 10 Jan 2020 15:13:42 +0000 (12:13 -0300)] 
target/ppc: Clarify the meaning of return values in kvm_handle_debug

The kvm_handle_debug function can return 0 to go back into the guest
or return 1 to notify the gdbstub thread and pass control to GDB.

Signed-off-by: Fabiano Rosas <farosas@linux.ibm.com>
Message-Id: <20200110151344.278471-2-farosas@linux.ibm.com>
Tested-by: Leonardo Bras <leonardo@ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
23 months agohw/ppc/prep: Remove the deprecated "prep" machine and the OpenHackware BIOS
Thomas Huth [Tue, 14 Jan 2020 11:46:17 +0000 (12:46 +0100)] 
hw/ppc/prep: Remove the deprecated "prep" machine and the OpenHackware BIOS

It's been deprecated since QEMU v3.1. The 40p machine should be
used nowadays instead.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20200114114617.28854-1-thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
23 months agoppc:virtex_ml507: remove unused arguments
Igor Mammedov [Wed, 15 Jan 2020 15:07:25 +0000 (16:07 +0100)] 
ppc:virtex_ml507: remove unused arguments

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <1579100861-73692-71-git-send-email-imammedo@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
23 months agoppc/pnv: improve error logging when a PNOR update fails
Cédric Le Goater [Wed, 8 Jan 2020 09:03:48 +0000 (10:03 +0100)] 
ppc/pnv: improve error logging when a PNOR update fails

Print out the offset at which the error occured.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20200108090348.21224-3-clg@kaod.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
23 months agoppc/pnv: use QEMU unit definition MiB
Cédric Le Goater [Wed, 8 Jan 2020 09:03:47 +0000 (10:03 +0100)] 
ppc/pnv: use QEMU unit definition MiB

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20200108090348.21224-2-clg@kaod.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
23 months agoMerge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' into staging
Peter Maydell [Fri, 31 Jan 2020 17:36:59 +0000 (17:36 +0000)] 
Merge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' into staging

Pull request

# gpg: Signature made Thu 30 Jan 2020 21:38:06 GMT
# gpg:                using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [full]
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>" [full]
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35  775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha/tags/tracing-pull-request:
  qemu_set_log_filename: filename argument may be NULL
  hw/display/qxl.c: Use trace_event_get_state_backends()
  memory.c: Use trace_event_get_state_backends()
  docs/devel/tracing.txt: Recommend only trace_event_get_state_backends()
  Makefile: Keep trace-events-subdirs ordered

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agotarget/arm: fix TCG leak for fcvt half->double
Alex Bennée [Fri, 31 Jan 2020 15:34:39 +0000 (15:34 +0000)] 
target/arm: fix TCG leak for fcvt half->double

When support for the AHP flag was added we inexplicably only freed the
new temps in one of the two legs. Move those tcg_temp_free to the same
level as the allocation to fix that leak.

Fixes: 486624fcd3eac
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20200131153439.26027-1-alex.bennee@linaro.org
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agoMerge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging
Peter Maydell [Fri, 31 Jan 2020 10:37:11 +0000 (10:37 +0000)] 
Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

Pull request

# gpg: Signature made Thu 30 Jan 2020 21:31:02 GMT
# gpg:                using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [full]
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>" [full]
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35  775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha/tags/block-pull-request:
  tests/qemu-iotests: use AIOMODE with various tests
  tests/qemu-iotests: enable testing with aio options
  qemu-nbd: adds option for aio engines
  qemu-img: adds option to use aio engine for benchmarking
  qemu-io: adds option to use aio engine
  block/io_uring: adds userspace completion polling
  block: add trace events for io_uring
  block/file-posix.c: extend to use io_uring
  blockdev: adds bdrv_parse_aio to use io_uring
  util/async: add aio interfaces for io_uring
  stubs: add stubs for io_uring interface
  block/io_uring: implements interfaces for io_uring
  block/block: add BDRV flag for io_uring
  qapi/block-core: add option for io_uring
  configure: permit use of io_uring
  block/io: take bs->reqs_lock in bdrv_mark_request_serialising
  block/io: wait for serialising requests when a request becomes serialising
  block: eliminate BDRV_REQ_NO_SERIALISING

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agoqemu_set_log_filename: filename argument may be NULL
Salvador Fandino [Thu, 23 Jan 2020 19:36:26 +0000 (20:36 +0100)] 
qemu_set_log_filename: filename argument may be NULL

NULL is a valid log filename used to indicate we want to use stderr
but qemu_set_log_filename (which is called by bsd-user/main.c) was not
handling it correctly.

That also made redundant a couple of NULL checks in calling code which
have been removed.

Signed-off-by: Salvador Fandino <salvador@qindel.com>
Message-Id: <20200123193626.19956-1-salvador@qindel.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
23 months agohw/display/qxl.c: Use trace_event_get_state_backends()
Peter Maydell [Mon, 20 Jan 2020 15:11:42 +0000 (15:11 +0000)] 
hw/display/qxl.c: Use trace_event_get_state_backends()

The preferred way to test whether a trace event is enabled is to
use trace_event_get_state_backends(), because this will give the
correct answer (allowing expensive computations to be skipped)
whether the trace event is compile-time or run-time disabled.
Convert the old-style direct use of TRACE_FOO_ENABLED.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20200120151142.18954-4-peter.maydell@linaro.org
Message-Id: <20200120151142.18954-4-peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
23 months agomemory.c: Use trace_event_get_state_backends()
Peter Maydell [Mon, 20 Jan 2020 15:11:41 +0000 (15:11 +0000)] 
memory.c: Use trace_event_get_state_backends()

The preferred way to test whether a trace event is enabled is to
use trace_event_get_state_backends(), because this will give the
correct answer (allowing expensive computations to be skipped)
whether the trace event is compile-time or run-time disabled.
Convert the four old-style direct uses of TRACE_FOO_ENABLED in
memory.c.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20200120151142.18954-3-peter.maydell@linaro.org
Message-Id: <20200120151142.18954-3-peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
23 months agodocs/devel/tracing.txt: Recommend only trace_event_get_state_backends()
Peter Maydell [Mon, 20 Jan 2020 15:11:40 +0000 (15:11 +0000)] 
docs/devel/tracing.txt: Recommend only trace_event_get_state_backends()

Instead of recommending checking the TRACE_FOO_ENABLED macro to
skip expensive computations needed only for tracing, recommend
only using trace_event_get_state_backends(). This works for both
compile-time and run-time disabling of events, and has no extra
performance impact if the event is compile-time disabled.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20200120151142.18954-2-peter.maydell@linaro.org
Message-Id: <20200120151142.18954-2-peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
23 months agoMakefile: Keep trace-events-subdirs ordered
Philippe Mathieu-Daudé [Thu, 16 Jan 2020 11:43:39 +0000 (12:43 +0100)] 
Makefile: Keep trace-events-subdirs ordered

Adding the same directory multiple times to trace-events-subdirs
might trigger build failures, in particular when using the LTTng
Userspace Tracer library as backend.

For example when using two times the hw/core/ directory:

    $ ./configure --enable-trace-backends=ust && make
   [...]
     CC      trace-ust-all.o
   In file included from trace-ust-all.h:13,
                    from trace-ust-all.c:13:
   trace-ust-all.h:35151:1: error: redefinition of ‘__tracepoint_cb_qemu___loader_write_rom’
   35151 | TRACEPOINT_EVENT(
         | ^~~~~~~~~~~~~~~~
   trace-ust-all.h:31791:1: note: previous definition of ‘__tracepoint_cb_qemu___loader_write_rom’ was here
   31791 | TRACEPOINT_EVENT(
         | ^~~~~~~~~~~~~~~~

To ease review and reduce likelihood of merge failures (see [*]),
keep trace-events-subdirs ordered when possible, following eb7ccb3c0.

[*] https://www.mail-archive.com/qemu-devel@nongnu.org/msg671007.html
    Duplicate trace-events-subdirs entries generates duplicated
    symbols when using the LTTng Userspace Tracer library.

Reviewed-by: Damien Hedde <damien.hedde@greensocs.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200116114339.30670-1-philmd@redhat.com
Message-Id: <20200116114339.30670-1-philmd@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
23 months agotests/qemu-iotests: use AIOMODE with various tests
Aarushi Mehta [Mon, 20 Jan 2020 14:18:58 +0000 (14:18 +0000)] 
tests/qemu-iotests: use AIOMODE with various tests

Signed-off-by: Aarushi Mehta <mehta.aaru20@gmail.com>
Acked-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200120141858.587874-16-stefanha@redhat.com
Message-Id: <20200120141858.587874-16-stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
23 months agotests/qemu-iotests: enable testing with aio options
Aarushi Mehta [Mon, 20 Jan 2020 14:18:57 +0000 (14:18 +0000)] 
tests/qemu-iotests: enable testing with aio options

Signed-off-by: Aarushi Mehta <mehta.aaru20@gmail.com>
Acked-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200120141858.587874-15-stefanha@redhat.com
Message-Id: <20200120141858.587874-15-stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
23 months agoqemu-nbd: adds option for aio engines
Aarushi Mehta [Mon, 20 Jan 2020 14:18:56 +0000 (14:18 +0000)] 
qemu-nbd: adds option for aio engines

Signed-off-by: Aarushi Mehta <mehta.aaru20@gmail.com>
Acked-by: Eric Blake <eblake@redhat.com>
Acked-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200120141858.587874-14-stefanha@redhat.com
Message-Id: <20200120141858.587874-14-stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
23 months agoqemu-img: adds option to use aio engine for benchmarking
Aarushi Mehta [Mon, 20 Jan 2020 14:18:55 +0000 (14:18 +0000)] 
qemu-img: adds option to use aio engine for benchmarking

Signed-off-by: Aarushi Mehta <mehta.aaru20@gmail.com>
Acked-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200120141858.587874-13-stefanha@redhat.com
Message-Id: <20200120141858.587874-13-stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
23 months agoqemu-io: adds option to use aio engine
Aarushi Mehta [Mon, 20 Jan 2020 14:18:54 +0000 (14:18 +0000)] 
qemu-io: adds option to use aio engine

Signed-off-by: Aarushi Mehta <mehta.aaru20@gmail.com>
Acked-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200120141858.587874-12-stefanha@redhat.com
Message-Id: <20200120141858.587874-12-stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
23 months agoblock/io_uring: adds userspace completion polling
Aarushi Mehta [Mon, 20 Jan 2020 14:18:53 +0000 (14:18 +0000)] 
block/io_uring: adds userspace completion polling

Signed-off-by: Aarushi Mehta <mehta.aaru20@gmail.com>
Acked-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200120141858.587874-11-stefanha@redhat.com
Message-Id: <20200120141858.587874-11-stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
23 months agoblock: add trace events for io_uring
Aarushi Mehta [Mon, 20 Jan 2020 14:18:52 +0000 (14:18 +0000)] 
block: add trace events for io_uring

Signed-off-by: Aarushi Mehta <mehta.aaru20@gmail.com>
Acked-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200120141858.587874-10-stefanha@redhat.com
Message-Id: <20200120141858.587874-10-stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
23 months agoblock/file-posix.c: extend to use io_uring
Aarushi Mehta [Mon, 20 Jan 2020 14:18:51 +0000 (14:18 +0000)] 
block/file-posix.c: extend to use io_uring

Signed-off-by: Aarushi Mehta <mehta.aaru20@gmail.com>
Reviewed-by: Maxim Levitsky <maximlevitsky@gmail.com>
Acked-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200120141858.587874-9-stefanha@redhat.com
Message-Id: <20200120141858.587874-9-stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
23 months agoblockdev: adds bdrv_parse_aio to use io_uring
Aarushi Mehta [Mon, 20 Jan 2020 14:18:50 +0000 (14:18 +0000)] 
blockdev: adds bdrv_parse_aio to use io_uring

Signed-off-by: Aarushi Mehta <mehta.aaru20@gmail.com>
Acked-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200120141858.587874-8-stefanha@redhat.com
Message-Id: <20200120141858.587874-8-stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
23 months agoutil/async: add aio interfaces for io_uring
Aarushi Mehta [Mon, 20 Jan 2020 14:18:49 +0000 (14:18 +0000)] 
util/async: add aio interfaces for io_uring

Signed-off-by: Aarushi Mehta <mehta.aaru20@gmail.com>
Acked-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200120141858.587874-7-stefanha@redhat.com
Message-Id: <20200120141858.587874-7-stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
23 months agostubs: add stubs for io_uring interface
Aarushi Mehta [Mon, 20 Jan 2020 14:18:48 +0000 (14:18 +0000)] 
stubs: add stubs for io_uring interface

Follow linux-aio.o and stub out the block/io_uring.o APIs that will be
missing when a binary is linked with obj-util-y but without
block-util-y (e.g. vhost-user-gpu).

For example, the stubs are necessary so that a binary using util/async.o
from obj-util-y for qemu_bh_new() links successfully.  In this case
block/io_uring.o from block-util-y isn't needed and we can avoid
dragging in the block layer by linking the stubs instead.  The stub
functions never get called.

Signed-off-by: Aarushi Mehta <mehta.aaru20@gmail.com>
Acked-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200120141858.587874-6-stefanha@redhat.com
Message-Id: <20200120141858.587874-6-stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
23 months agoblock/io_uring: implements interfaces for io_uring
Aarushi Mehta [Mon, 20 Jan 2020 14:18:47 +0000 (14:18 +0000)] 
block/io_uring: implements interfaces for io_uring

Aborts when sqe fails to be set as sqes cannot be returned to the
ring. Adds slow path for short reads for older kernels

Signed-off-by: Aarushi Mehta <mehta.aaru20@gmail.com>
Acked-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200120141858.587874-5-stefanha@redhat.com
Message-Id: <20200120141858.587874-5-stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
23 months agoblock/block: add BDRV flag for io_uring
Aarushi Mehta [Mon, 20 Jan 2020 14:18:46 +0000 (14:18 +0000)] 
block/block: add BDRV flag for io_uring

Signed-off-by: Aarushi Mehta <mehta.aaru20@gmail.com>
Reviewed-by: Maxim Levitsky <maximlevitsky@gmail.com>
Acked-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200120141858.587874-4-stefanha@redhat.com
Message-Id: <20200120141858.587874-4-stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
23 months agoqapi/block-core: add option for io_uring
Aarushi Mehta [Mon, 20 Jan 2020 14:18:45 +0000 (14:18 +0000)] 
qapi/block-core: add option for io_uring

Since io_uring is the actual name of the Linux API, we use it as enum
value even though the QAPI schema conventions would prefer io-uring.

Signed-off-by: Aarushi Mehta <mehta.aaru20@gmail.com>
Acked-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200120141858.587874-3-stefanha@redhat.com
Message-Id: <20200120141858.587874-3-stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
23 months agoconfigure: permit use of io_uring
Aarushi Mehta [Mon, 20 Jan 2020 14:18:44 +0000 (14:18 +0000)] 
configure: permit use of io_uring

Signed-off-by: Aarushi Mehta <mehta.aaru20@gmail.com>
Reviewed-by: Maxim Levitsky <maximlevitsky@gmail.com>
Acked-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200120141858.587874-2-stefanha@redhat.com
Message-Id: <20200120141858.587874-2-stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
23 months agoblock/io: take bs->reqs_lock in bdrv_mark_request_serialising
Paolo Bonzini [Wed, 8 Jan 2020 14:55:56 +0000 (15:55 +0100)] 
block/io: take bs->reqs_lock in bdrv_mark_request_serialising

bdrv_mark_request_serialising is writing the overlap_offset and
overlap_bytes fields of BdrvTrackedRequest.  Take bs->reqs_lock
for the whole duration of it, and not just when waiting for
serialising requests, so that tracked_request_overlaps does not
look at a half-updated request.

The new code does not unlock/relock around retries.  This is unnecessary
because a retry is always preceded by a CoQueue wait, which already
releases and reacquires bs->reqs_lock.

Reported-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1578495356-46219-4-git-send-email-pbonzini@redhat.com
Message-Id: <1578495356-46219-4-git-send-email-pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
23 months agoblock/io: wait for serialising requests when a request becomes serialising
Paolo Bonzini [Wed, 8 Jan 2020 14:55:55 +0000 (15:55 +0100)] 
block/io: wait for serialising requests when a request becomes serialising

Marking without waiting would not result in actual serialising behavior.
Thus, make a call bdrv_mark_request_serialising sufficient for
serialisation to happen.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1578495356-46219-3-git-send-email-pbonzini@redhat.com
Message-Id: <1578495356-46219-3-git-send-email-pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
23 months agoblock: eliminate BDRV_REQ_NO_SERIALISING
Paolo Bonzini [Wed, 8 Jan 2020 14:55:54 +0000 (15:55 +0100)] 
block: eliminate BDRV_REQ_NO_SERIALISING

It is unused since commit 00e30f0 ("block/backup: use backup-top instead
of write notifiers", 2019-10-01), drop it to simplify the code.

While at it, drop redundant assertions on flags.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1578495356-46219-2-git-send-email-pbonzini@redhat.com
Message-Id: <1578495356-46219-2-git-send-email-pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
23 months agoMerge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200130' into...
Peter Maydell [Thu, 30 Jan 2020 16:19:04 +0000 (16:19 +0000)] 
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200130' into staging

target-arm queue:
 * hw/core/or-irq: Fix incorrect assert forbidding num-lines == MAX_OR_LINES
 * target/arm/arm-semi: Don't let the guest close stdin/stdout/stderr
 * aspeed: some minor bugfixes
 * aspeed: add eMMC controller model for AST2600 SoC
 * hw/arm/raspi: Remove obsolete use of -smp to set the soc 'enabled-cpus'
 * New 3-phase reset API for device models
 * hw/intc/arm_gicv3_kvm: Stop wrongly programming GICR_PENDBASER.PTZ bit
 * Arm KVM: stop/restart the guest counter when the VM is stopped and started

# gpg: Signature made Thu 30 Jan 2020 16:14:45 GMT
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20200130: (26 commits)
  target/arm/cpu: Add the kvm-no-adjvtime CPU property
  target/arm/kvm: Implement virtual time adjustment
  tests/arm-cpu-features: Check feature default values
  target/arm/kvm64: kvm64 cpus have timer registers
  hw/arm/virt: Add missing 5.0 options call to 4.2 options
  target/arm/kvm: trivial: Clean up header documentation
  hw/intc/arm_gicv3_kvm: Stop wrongly programming GICR_PENDBASER.PTZ bit
  hw/s390x/ipl: replace deprecated qdev_reset_all registration
  vl: replace deprecated qbus_reset_all registration
  docs/devel/reset.rst: add doc about Resettable interface
  hw/core: deprecate old reset functions and introduce new ones
  hw/core/qdev: update hotplug reset regarding resettable
  hw/core/qdev: handle parent bus change regarding resettable
  hw/core/resettable: add support for changing parent
  hw/core: add Resettable support to BusClass and DeviceClass
  hw/core: create Resettable QOM interface
  hw/core/qdev: add trace events to help with resettable transition
  add device_legacy_reset function to prepare for reset api change
  hw/arm/raspi: Remove obsolete use of -smp to set the soc 'enabled-cpus'
  misc/pca9552: Add qom set and get
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agotarget/arm/cpu: Add the kvm-no-adjvtime CPU property
Andrew Jones [Thu, 30 Jan 2020 16:02:06 +0000 (16:02 +0000)] 
target/arm/cpu: Add the kvm-no-adjvtime CPU property

kvm-no-adjvtime is a KVM specific CPU property and a first of its
kind. To accommodate it we also add kvm_arm_add_vcpu_properties()
and a KVM specific CPU properties description to the CPU features
document.

Signed-off-by: Andrew Jones <drjones@redhat.com>
Message-id: 20200120101023.16030-7-drjones@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agotarget/arm/kvm: Implement virtual time adjustment
Andrew Jones [Thu, 30 Jan 2020 16:02:06 +0000 (16:02 +0000)] 
target/arm/kvm: Implement virtual time adjustment

When a VM is stopped (such as when it's paused) guest virtual time
should stop counting. Otherwise, when the VM is resumed it will
experience time jumps and its kernel may report soft lockups. Not
counting virtual time while the VM is stopped has the side effect
of making the guest's time appear to lag when compared with real
time, and even with time derived from the physical counter. For
this reason, this change, which is enabled by default, comes with
a KVM CPU feature allowing it to be disabled, restoring legacy
behavior.

This patch only provides the implementation of the virtual time
adjustment. A subsequent patch will provide the CPU property
allowing the change to be enabled and disabled.

Reported-by: Bijan Mottahedeh <bijan.mottahedeh@oracle.com>
Signed-off-by: Andrew Jones <drjones@redhat.com>
Message-id: 20200120101023.16030-6-drjones@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agotests/arm-cpu-features: Check feature default values
Andrew Jones [Thu, 30 Jan 2020 16:02:06 +0000 (16:02 +0000)] 
tests/arm-cpu-features: Check feature default values

If we know what the default value should be then we can test for
that as well as the feature existence.

Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200120101023.16030-5-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agotarget/arm/kvm64: kvm64 cpus have timer registers
Andrew Jones [Thu, 30 Jan 2020 16:02:06 +0000 (16:02 +0000)] 
target/arm/kvm64: kvm64 cpus have timer registers

Add the missing GENERIC_TIMER feature to kvm64 cpus.

We don't currently use these registers when KVM is enabled, but it's
probably best we add the feature flag for consistency and potential
future use. There's also precedent, as we add the PMU feature flag to
KVM enabled guests, even though we don't use those registers either.

This change was originally posted as a hunk of a different, never
merged patch from Bijan Mottahedeh.

Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200120101023.16030-4-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agohw/arm/virt: Add missing 5.0 options call to 4.2 options
Andrew Jones [Thu, 30 Jan 2020 16:02:06 +0000 (16:02 +0000)] 
hw/arm/virt: Add missing 5.0 options call to 4.2 options

Signed-off-by: Andrew Jones <drjones@redhat.com>
Message-id: 20200120101023.16030-3-drjones@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agotarget/arm/kvm: trivial: Clean up header documentation
Andrew Jones [Thu, 30 Jan 2020 16:02:05 +0000 (16:02 +0000)] 
target/arm/kvm: trivial: Clean up header documentation

Signed-off-by: Andrew Jones <drjones@redhat.com>
Message-id: 20200120101023.16030-2-drjones@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agohw/intc/arm_gicv3_kvm: Stop wrongly programming GICR_PENDBASER.PTZ bit
Zenghui Yu [Thu, 30 Jan 2020 16:02:05 +0000 (16:02 +0000)] 
hw/intc/arm_gicv3_kvm: Stop wrongly programming GICR_PENDBASER.PTZ bit

If LPIs are disabled, KVM will just ignore the GICR_PENDBASER.PTZ bit when
restoring GICR_CTLR.  Setting PTZ here makes littlt sense in "reduce GIC
initialization time".

And what's worse, PTZ is generally programmed by guest to indicate to the
Redistributor whether the LPI Pending table is zero when enabling LPIs.
If migration is triggered when the PTZ has just been cleared by guest (and
before enabling LPIs), we will see PTZ==1 on the destination side, which
is not as expected.  Let's just drop this hackish userspace behavior.

Also take this chance to refine the comment a bit.

Fixes: 367b9f527bec ("hw/intc/arm_gicv3_kvm: Implement get/put functions")
Signed-off-by: Zenghui Yu <yuzenghui@huawei.com>
Message-id: 20200119133051.642-1-yuzenghui@huawei.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agohw/s390x/ipl: replace deprecated qdev_reset_all registration
Damien Hedde [Thu, 30 Jan 2020 16:02:05 +0000 (16:02 +0000)] 
hw/s390x/ipl: replace deprecated qdev_reset_all registration

Replace deprecated qdev_reset_all by resettable_cold_reset_fn for
the ipl registration in the main reset handlers.

This does not impact the behavior for the following reasons:
+ at this point resettable just call the old reset methods of devices
  and buses in the same order than qdev/qbus.
+ resettable handlers registered with qemu_register_reset are
  serialized; there is no interleaving.
+ eventual explicit calls to legacy reset API (device_reset or
  qdev/qbus_reset) inside this reset handler will not be masked out
  by resettable mechanism; they do not go through resettable api.

Signed-off-by: Damien Hedde <damien.hedde@greensocs.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200123132823.1117486-12-damien.hedde@greensocs.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agovl: replace deprecated qbus_reset_all registration
Damien Hedde [Thu, 30 Jan 2020 16:02:05 +0000 (16:02 +0000)] 
vl: replace deprecated qbus_reset_all registration

Replace deprecated qbus_reset_all by resettable_cold_reset_fn for
the sysbus reset registration.

Apart for the raspi machines, this does not impact the behavior
because:
+ at this point resettable just calls the old reset methods of devices
  and buses in the same order as qdev/qbus.
+ resettable handlers registered with qemu_register_reset are
  serialized; there is no interleaving.
+ eventual explicit calls to legacy reset API (device_reset or
  qdev/qbus_reset) inside this reset handler will not be masked out
  by resettable mechanism; they do not go through resettable api.

For the raspi machines, during the sysbus reset the sd-card is not
reset twice anymore but only once. This is a consequence of switching
both sysbus reset and changing parent to resettable; it detects the
second reset is not needed. This has no impact on the state after
reset; the sd-card reset method only reset local state and query
information from the block backend.

The raspi reset change can be observed by using the following command
(reset will occurs, then do Ctrl-C to end qemu; no firmware is
given here).
qemu-system-aarch64 -M raspi3 \
    -trace resettable_phase_hold_exec \
    -trace qdev_update_parent_bus \
    -trace resettable_change_parent \
    -trace qdev_reset -trace qbus_reset

Before the patch, the qdev/qbus_reset traces show when reset method are
called. After the patch, the resettable_phase_hold_exec show when reset
method are called.

The traced reset order of the raspi3 is listed below. I've added empty
lines and the tree structure.

 +->bcm2835-peripherals reset
 |
 |       +->sd-card reset
 |   +->sd-bus reset
 +->bcm2835_gpio reset
 |      -> dev_update_parent_bus (move the sd-card on the sdhci-bus)
 |      -> resettable_change_parent
 |
 +->bcm2835-dma reset
 |
 |   +->bcm2835-sdhost-bus reset
 +->bcm2835-sdhost reset
 |
 |       +->sd-card (reset ONLY BEFORE BEFORE THE PATCH)
 |   +->sdhci-bus reset
 +->generic-sdhci reset
 |
 +->bcm2835-rng reset
 +->bcm2835-property reset
 +->bcm2835-fb reset
 +->bcm2835-mbox reset
 +->bcm2835-aux reset
 +->pl011 reset
 +->bcm2835-ic reset
 +->bcm2836-control reset
System reset

In both case, the sd-card is reset (being on bcm2835_gpio/sd-bus) then moved
to generic-sdhci/sdhci-bus by the bcm2835_gpio reset method.

Before the patch, it is then reset again being part of generic-sdhci/sdhci-bus.
After the patch, it considered again for reset but its reset method is not
called because it is already flagged as reset.

Signed-off-by: Damien Hedde <damien.hedde@greensocs.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200123132823.1117486-11-damien.hedde@greensocs.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agodocs/devel/reset.rst: add doc about Resettable interface
Damien Hedde [Thu, 30 Jan 2020 16:02:05 +0000 (16:02 +0000)] 
docs/devel/reset.rst: add doc about Resettable interface

Signed-off-by: Damien Hedde <damien.hedde@greensocs.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200123132823.1117486-10-damien.hedde@greensocs.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agohw/core: deprecate old reset functions and introduce new ones
Damien Hedde [Thu, 30 Jan 2020 16:02:04 +0000 (16:02 +0000)] 
hw/core: deprecate old reset functions and introduce new ones

Deprecate device_legacy_reset(), qdev_reset_all() and
qbus_reset_all() to be replaced by new functions
device_cold_reset() and bus_cold_reset() which uses resettable API.

Also introduce resettable_cold_reset_fn() which may be used as a
replacement for qdev_reset_all_fn and qbus_reset_all_fn().

Following patches will be needed to look at legacy reset call sites
and switch to resettable api. The legacy functions will be removed
when unused.

Signed-off-by: Damien Hedde <damien.hedde@greensocs.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200123132823.1117486-9-damien.hedde@greensocs.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agohw/core/qdev: update hotplug reset regarding resettable
Damien Hedde [Thu, 30 Jan 2020 16:02:04 +0000 (16:02 +0000)] 
hw/core/qdev: update hotplug reset regarding resettable

This commit make use of the resettable API to reset the device being
hotplugged when it is realized. Also it ensures it is put in a reset
state coherent with the parent it is plugged into.

Note that there is a difference in the reset. Instead of resetting
only the hotplugged device, we reset also its subtree (switch to
resettable API). This is not expected to be a problem because
sub-buses are just realized too. If a hotplugged device has any
sub-buses it is logical to reset them too at this point.

The recently added should_be_hidden and PCI's partially_hotplugged
mechanisms do not interfere with realize operation:
+ In the should_be_hidden use case, device creation is
delayed.
+ The partially_hotplugged mechanism prevents a device to be
unplugged and unrealized from qdev POV and unrealized.

Signed-off-by: Damien Hedde <damien.hedde@greensocs.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200123132823.1117486-8-damien.hedde@greensocs.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agohw/core/qdev: handle parent bus change regarding resettable
Damien Hedde [Thu, 30 Jan 2020 16:02:04 +0000 (16:02 +0000)] 
hw/core/qdev: handle parent bus change regarding resettable

In qdev_set_parent_bus(), when changing the parent bus of a
realized device, if the source and destination buses are not in the
same reset state, some adaptations are required. This patch adds
needed call to resettable_change_parent() to make sure a device reset
state stays coherent with its parent bus.

The addition is a no-op if:
1. the device being parented is not realized.
2. the device is realized, but both buses are not under reset.

Case 2 means that as long as qdev_set_parent_bus() is called
during the machine realization procedure (which is before the
machine reset so nothing is in reset), it is a no op.

There are 52 call sites of qdev_set_parent_bus(). All but one fall
into the no-op case:
+ 29 trivial calls related to virtio (in hw/{s390x,display,virtio}/
  {vhost,virtio}-xxx.c) to set a vdev(or vgpu) composing device
  parent bus just before realizing the same vdev(vgpu).
+ hw/core/qdev.c: when creating a device in qdev_try_create()
+ hw/core/sysbus.c: when initializing a device in the sysbus
+ hw/i386/amd_iommu.c: before realizing AMDVIState/pci
+ hw/isa/piix4.c: before realizing PIIX4State/rtc
+ hw/misc/auxbus.c: when creating an AUXBus
+ hw/misc/auxbus.c: when creating an AUXBus child
+ hw/misc/macio/macio.c: when initializing a MACIOState child
+ hw/misc/macio/macio.c: before realizing NewWorldMacIOState/pmu
+ hw/misc/macio/macio.c: before realizing NewWorldMacIOState/cuda
+ hw/net/virtio-net.c: Used for migration when using the failover
                       mechanism to migration a vfio-pci/net. It is
                       a no-op because at this point the device is
                       already on the bus.
+ hw/pci-host/designware.c: before realizing DesignwarePCIEHost/root
+ hw/pci-host/gpex.c: before realizing GPEXHost/root
+ hw/pci-host/prep.c: when initialiazing PREPPCIState/pci_dev
+ hw/pci-host/q35.c: before realizing Q35PCIHost/mch
+ hw/pci-host/versatile.c: when initializing PCIVPBState/pci_dev
+ hw/pci-host/xilinx-pcie.c: before realizing XilinxPCIEHost/root
+ hw/s390x/event-facility.c: when creating SCLPEventFacility/
                             TYPE_SCLP_QUIESCE
+ hw/s390x/event-facility.c: ditto with SCLPEventFacility/
                             TYPE_SCLP_CPU_HOTPLUG
+ hw/s390x/sclp.c: Not trivial because it is called on a SLCPDevice
  just after realizing it. Ok because at this point the destination
  bus (sysbus) is not in reset; the realize step is before the
  machine reset.
+ hw/sd/core.c: Not OK. Used in sdbus_reparent_card(). See below.
+ hw/ssi/ssi.c: Used to put spi slave on spi bus and connect the cs
  line in ssi_auto_connect_slave(). Ok because this function is only
  used in realize step in hw/ssi/aspeed_smc.ci, hw/ssi/imx_spi.c,
  hw/ssi/mss-spi.c, hw/ssi/xilinx_spi.c and hw/ssi/xilinx_spips.c.
+ hw/xen/xen-legacy-backend.c: when creating a XenLegacyDevice device
+ qdev-monitor.c: in device hotplug creation procedure before realize

Note that this commit alone will have no effect, right now there is no
use of resettable API to reset anything. So a bus will never be tagged
as in-reset by this same API.

The one place where side-effect will occurs is in hw/sd/core.c in
sdbus_reparent_card(). This function is only used in the raspi machines,
including during the sysbus reset procedure. This case will be
carrefully handled when doing the multiple phase reset transition.

Signed-off-by: Damien Hedde <damien.hedde@greensocs.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200123132823.1117486-7-damien.hedde@greensocs.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agohw/core/resettable: add support for changing parent
Damien Hedde [Thu, 30 Jan 2020 16:02:04 +0000 (16:02 +0000)] 
hw/core/resettable: add support for changing parent

Add a function resettable_change_parent() to do the required
plumbing when changing the parent a of Resettable object.

We need to make sure that the reset state of the object remains
coherent with the reset state of the new parent.

We make the 2 following hypothesis:
+ when an object is put in a parent under reset, the object goes in
reset.
+ when an object is removed from a parent under reset, the object
leaves reset.

The added function avoids any glitch if both old and new parent are
already in reset.

Signed-off-by: Damien Hedde <damien.hedde@greensocs.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200123132823.1117486-6-damien.hedde@greensocs.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agohw/core: add Resettable support to BusClass and DeviceClass
Damien Hedde [Thu, 30 Jan 2020 16:02:04 +0000 (16:02 +0000)] 
hw/core: add Resettable support to BusClass and DeviceClass

This commit adds support of Resettable interface to buses and devices:
+ ResettableState structure is added in the Bus/Device state
+ Resettable methods are implemented.
+ device/bus_is_in_reset function defined

This commit allows to transition the objects to the new
multi-phase interface without changing the reset behavior at all.
Object single reset method can be split into the 3 different phases
but the 3 phases are still executed in a row for a given object.
From the qdev/qbus reset api point of view, nothing is changed.
qdev_reset_all() and qbus_reset_all() are not modified as well as
device_legacy_reset().

Transition of an object must be done from parent class to child class.
Care has been taken to allow the transition of a parent class
without requiring the child classes to be transitioned at the same
time. Note that SysBus and SysBusDevice class do not need any transition
because they do not override the legacy reset method.

Signed-off-by: Damien Hedde <damien.hedde@greensocs.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200123132823.1117486-5-damien.hedde@greensocs.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agohw/core: create Resettable QOM interface
Damien Hedde [Thu, 30 Jan 2020 16:02:03 +0000 (16:02 +0000)] 
hw/core: create Resettable QOM interface

This commit defines an interface allowing multi-phase reset. This aims
to solve a problem of the actual single-phase reset (built in
DeviceClass and BusClass): reset behavior is dependent on the order
in which reset handlers are called. In particular doing external
side-effect (like setting an qemu_irq) is problematic because receiving
object may not be reset yet.

The Resettable interface divides the reset in 3 well defined phases.
To reset an object tree, all 1st phases are executed then all 2nd then
all 3rd. See the comments in include/hw/resettable.h for a more complete
description. The interface defines 3 phases to let the future
possibility of holding an object into reset for some time.

The qdev/qbus reset in DeviceClass and BusClass will be modified in
following commits to use this interface. A mechanism is provided
to allow executing a transitional reset handler in place of the 2nd
phase which is executed in children-then-parent order inside a tree.
This will allow to transition devices and buses smoothly while
keeping the exact current qdev/qbus reset behavior for now.

Documentation will be added in a following commit.

Signed-off-by: Damien Hedde <damien.hedde@greensocs.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200123132823.1117486-4-damien.hedde@greensocs.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agohw/core/qdev: add trace events to help with resettable transition
Damien Hedde [Thu, 30 Jan 2020 16:02:03 +0000 (16:02 +0000)] 
hw/core/qdev: add trace events to help with resettable transition

Adds trace events to reset procedure and when updating the parent
bus of a device.

Signed-off-by: Damien Hedde <damien.hedde@greensocs.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200123132823.1117486-3-damien.hedde@greensocs.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agoadd device_legacy_reset function to prepare for reset api change
Damien Hedde [Thu, 30 Jan 2020 16:02:03 +0000 (16:02 +0000)] 
add device_legacy_reset function to prepare for reset api change

Provide a temporary device_legacy_reset function doing what
device_reset does to prepare for the transition with Resettable
API.

All occurrence of device_reset in the code tree are also replaced
by device_legacy_reset.

The new resettable API has different prototype and semantics
(resetting child buses as well as the specified device). Subsequent
commits will make the changeover for each call site individually; once
that is complete device_legacy_reset() will be removed.

Signed-off-by: Damien Hedde <damien.hedde@greensocs.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200123132823.1117486-2-damien.hedde@greensocs.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agohw/arm/raspi: Remove obsolete use of -smp to set the soc 'enabled-cpus'
Philippe Mathieu-Daudé [Thu, 30 Jan 2020 16:02:03 +0000 (16:02 +0000)] 
hw/arm/raspi: Remove obsolete use of -smp to set the soc 'enabled-cpus'

Since we enabled parallel TCG code generation for softmmu (see
commit 3468b59 "tcg: enable multiple TCG contexts in softmmu")
and its subsequent fix (commit 72649619 "add .min_cpus and
.default_cpus fields to machine_class"), the raspi machines are
restricted to always use their 4 cores:

See in hw/arm/raspi2 (with BCM283X_NCPUS set to 4):

  222 static void raspi2_machine_init(MachineClass *mc)
  223 {
  224     mc->desc = "Raspberry Pi 2";
  230     mc->max_cpus = BCM283X_NCPUS;
  231     mc->min_cpus = BCM283X_NCPUS;
  232     mc->default_cpus = BCM283X_NCPUS;
  235 };
  236 DEFINE_MACHINE("raspi2", raspi2_machine_init)

We can no longer use the -smp option, as we get:

  $ qemu-system-arm -M raspi2 -smp 1
  qemu-system-arm: Invalid SMP CPUs 1. The min CPUs supported by machine 'raspi2' is 4

Since we can not set the TYPE_BCM283x SOC "enabled-cpus" with -smp,
remove the unuseful code.

We can achieve the same by using the '-global bcm2836.enabled-cpus=1'
option.

Reported-by: Laurent Bonnans <laurent.bonnans@here.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200120235159.18510-2-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agomisc/pca9552: Add qom set and get
Joel Stanley [Thu, 30 Jan 2020 16:02:02 +0000 (16:02 +0000)] 
misc/pca9552: Add qom set and get

Following the pattern of the work recently done with the ASPEED GPIO
model, this adds support for inspecting and modifying the PCA9552 LEDs
from the monitor.

 (qemu) qom-set  /machine/unattached/device[17] led0 on
 (qemu) qom-set  /machine/unattached/device[17] led0 off
 (qemu) qom-set  /machine/unattached/device[17] led0 pwm0
 (qemu) qom-set  /machine/unattached/device[17] led0 pwm1

Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-id: 20200114103433.30534-6-clg@kaod.org
[clg: - removed the "qom-get" examples from the commit log
      - merged memory leak fixes from Joel ]
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agohw/arm/aspeed: add a 'execute-in-place' property to boot directly from CE0
Cédric Le Goater [Thu, 30 Jan 2020 16:02:02 +0000 (16:02 +0000)] 
hw/arm/aspeed: add a 'execute-in-place' property to boot directly from CE0

The overhead for the OpenBMC firmware images using the a custom U-Boot
is around 2 seconds, which is fine, but with a U-Boot from mainline,
it takes an extra 50 seconds or so to reach Linux. A quick survey on
the number of reads performed on the flash memory region gives the
following figures :

  OpenBMC U-Boot      922478 (~ 3.5 MBytes)
  Mainline U-Boot   20569977 (~ 80  MBytes)

QEMU must be trashing the TCG TBs and reloading text very often. Some
addresses are read more than 250.000 times. Until we find a solution
to improve boot time, execution from MMIO is not activated by default.

Setting this option also breaks migration compatibility.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200114103433.30534-5-clg@kaod.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agoftgmac100: check RX and TX buffer alignment
Cédric Le Goater [Thu, 30 Jan 2020 16:02:02 +0000 (16:02 +0000)] 
ftgmac100: check RX and TX buffer alignment

These buffers should be aligned on 16 bytes.

Ignore invalid RX and TX buffer addresses and log an error. All
incoming and outgoing traffic will be dropped because no valid RX or
TX descriptors will be available.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-id: 20200114103433.30534-4-clg@kaod.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agohw/arm: ast2600: Wire up the eMMC controller
Andrew Jeffery [Thu, 30 Jan 2020 16:02:02 +0000 (16:02 +0000)] 
hw/arm: ast2600: Wire up the eMMC controller

Initialise another SDHCI model instance for the AST2600's eMMC
controller and use the SDHCI's num_slots value introduced previously to
determine whether we should create an SD card instance for the new slot.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-id: 20200114103433.30534-3-clg@kaod.org
[ clg : - removed ternary operator from sdhci_attach_drive()
        - renamed SDHCI objects with a '-controller' prefix ]
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agohw/sd: Configure number of slots exposed by the ASPEED SDHCI model
Andrew Jeffery [Thu, 30 Jan 2020 16:02:02 +0000 (16:02 +0000)] 
hw/sd: Configure number of slots exposed by the ASPEED SDHCI model

The AST2600 includes a second cut-down version of the SD/MMC controller
found in the AST2500, named the eMMC controller. It's cut down in the
sense that it only supports one slot rather than two, but it brings the
total number of slots supported by the AST2600 to three.

The existing code assumed that the SD controller always provided two
slots. Rework the SDHCI object to expose the number of slots as a
property to be set by the SoC configuration.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-id: 20200114103433.30534-2-clg@kaod.org
[PMM: fixed up to use device_class_set_props()]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agotarget/arm/arm-semi: Don't let the guest close stdin/stdout/stderr
Peter Maydell [Thu, 30 Jan 2020 16:02:01 +0000 (16:02 +0000)] 
target/arm/arm-semi: Don't let the guest close stdin/stdout/stderr

The guest can use the semihosting API to open a handle
corresponding to QEMU's own stdin, stdout, or stderr.
When the guest closes this handle, we should not
close the underlying host stdin/stdout/stderr
the way we would do if the handle corresponded to
a host fd we'd opened on behalf of the guest in SYS_OPEN.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200124172954.28481-1-peter.maydell@linaro.org

23 months agohw/core/or-irq: Fix incorrect assert forbidding num-lines == MAX_OR_LINES
Peter Maydell [Thu, 30 Jan 2020 16:02:01 +0000 (16:02 +0000)] 
hw/core/or-irq: Fix incorrect assert forbidding num-lines == MAX_OR_LINES

The num-lines property of the TYPE_OR_GATE device sets the number
of input lines it has. An assert() in or_irq_realize() restricts
this to the maximum supported by the implementation. However we
got the condition in the assert wrong: it should be using <=,
because num-lines == MAX_OR_LINES is permitted, and means that
all entries from 0 to MAX_OR_LINES-1 in the s->levels[] array
are used.

We didn't notice this previously because no user has so far
needed that many input lines.

Reported-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20200120142235.10432-1-peter.maydell@linaro.org

23 months agoMerge remote-tracking branch 'remotes/amarkovic/tags/mips-queue-jan-29-2020' into...
Peter Maydell [Thu, 30 Jan 2020 14:18:45 +0000 (14:18 +0000)] 
Merge remote-tracking branch 'remotes/amarkovic/tags/mips-queue-jan-29-2020' into staging

MIPS queue for January 29th, 2020

# gpg: Signature made Wed 29 Jan 2020 18:29:43 GMT
# gpg:                using RSA key D4972A8967F75A65
# gpg: Good signature from "Aleksandar Markovic <amarkovic@wavecomp.com>" [full]
# Primary key fingerprint: 8526 FBF1 5DA3 811F 4A01  DD75 D497 2A89 67F7 5A65

* remotes/amarkovic/tags/mips-queue-jan-29-2020:
  target/mips: Add implementation of GINVT instruction
  target/mips: Amend CP0 WatchHi register implementation
  hw/core/loader: Let load_elf() populate a field with CPU-specific flags
  target/mips: semihosting: Remove 'uhi_done' label in helper_do_semihosting()
  disas: Add a field for target-dependant data to disassemble_info
  target/mips: Rectify documentation on deprecating MIPS r4k machine

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agoMerge remote-tracking branch 'remotes/stefanberger/tags/pull-tpm-2020-01-29-1' into...
Peter Maydell [Thu, 30 Jan 2020 13:12:39 +0000 (13:12 +0000)] 
Merge remote-tracking branch 'remotes/stefanberger/tags/pull-tpm-2020-01-29-1' into staging

Merge tpm 2020/01/29 v1

# gpg: Signature made Wed 29 Jan 2020 13:01:37 GMT
# gpg:                using RSA key B818B9CADF9089C2D5CEC66B75AD65802A0B4211
# gpg: Good signature from "Stefan Berger <stefanb@linux.vnet.ibm.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: B818 B9CA DF90 89C2 D5CE  C66B 75AD 6580 2A0B 4211

* remotes/stefanberger/tags/pull-tpm-2020-01-29-1:
  tpm-ppi: page-align PPI RAM

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agoMerge remote-tracking branch 'remotes/juanquintela/tags/pull-migration-pull-request...
Peter Maydell [Thu, 30 Jan 2020 11:43:21 +0000 (11:43 +0000)] 
Merge remote-tracking branch 'remotes/juanquintela/tags/pull-migration-pull-request' into staging

Migration pull request

# gpg: Signature made Wed 29 Jan 2020 10:57:23 GMT
# gpg:                using RSA key 1899FF8EDEBF58CCEE034B82F487EF185872D723
# gpg: Good signature from "Juan Quintela <quintela@redhat.com>" [full]
# gpg:                 aka "Juan Quintela <quintela@trasno.org>" [full]
# Primary key fingerprint: 1899 FF8E DEBF 58CC EE03  4B82 F487 EF18 5872 D723

* remotes/juanquintela/tags/pull-migration-pull-request:
  migration/compress: compress QEMUFile is not writable
  migration: Simplify get_qlist
  multifd: Split multifd code into its own file
  multifd: Make multifd_load_setup() get an Error parameter
  multifd: Make multifd_save_setup() get an Error parameter
  migration: Make checkpatch happy with comments
  multifd: Use qemu_target_page_size()
  multifd: multifd_send_sync_main only needs the qemufile
  multifd: multifd_queue_page only needs the qemufile
  multifd: multifd_send_pages only needs the qemufile
  ram_addr: Split RAMBlock definition
  migration/multifd: fix nullptr access in multifd_send_terminate_threads
  migration: Create migration_is_running()
  migration-test: Make sure that multifd and cancel works
  migration: Don't send data if we have stopped
  qemu-file: Don't do IO after shutdown
  multifd: Make sure that we don't do any IO after an error
  migration-test: Use g_free() instead of free()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agotarget/mips: Add implementation of GINVT instruction
Yongbok Kim [Fri, 20 Dec 2019 09:29:34 +0000 (10:29 +0100)] 
target/mips: Add implementation of GINVT instruction

Implement emulation of GINVT instruction. As QEMU doesn't support
caches and virtualization, this implementation covers only one
instruction (GINVT - Global Invalidate TLB) among all TLB-related
MIPS instructions.

Reviewed-by: Aleksandar Rikalo <aleksandar.rikalo@rt-rk.com>
Signed-off-by: Yongbok Kim <yongbok.kim@mips.com>
Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
Message-Id: <1579883929-1517-5-git-send-email-aleksandar.markovic@rt-rk.com>

23 months agotarget/mips: Amend CP0 WatchHi register implementation
Yongbok Kim [Fri, 20 Dec 2019 09:34:09 +0000 (10:34 +0100)] 
target/mips: Amend CP0 WatchHi register implementation

WatchHi is extended by the field MemoryMapID with the GINVT instruction.
The field is accessible by MTHC0/MFHC0 in 32-bit architectures and DMTC0/
DMFC0 in 64-bit architectures.

Reviewed-by: Aleksandar Rikalo <aleksandar.rikalo@rt-rk.com>
Signed-off-by: Yongbok Kim <yongbok.kim@mips.com>
Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
Message-Id: <1579883929-1517-4-git-send-email-aleksandar.markovic@rt-rk.com>

23 months agohw/core/loader: Let load_elf() populate a field with CPU-specific flags
Aleksandar Markovic [Sun, 26 Jan 2020 22:55:04 +0000 (23:55 +0100)] 
hw/core/loader: Let load_elf() populate a field with CPU-specific flags

While loading the executable, some platforms (like AVR) need to
detect CPU type that executable is built for - and, with this patch,
this is enabled by reading the field 'e_flags' of the ELF header of
the executable in question. The change expands functionality of
the following functions:

  - load_elf()
  - load_elf_as()
  - load_elf_ram()
  - load_elf_ram_sym()

The argument added to these functions is called 'pflags' and is of
type 'uint32_t*' (that matches 'pointer to 'elf_word'', 'elf_word'
being the type of the field 'e_flags', in both 32-bit and 64-bit
variants of ELF header). Callers are allowed to pass NULL as that
argument, and in such case no lookup to the field 'e_flags' will
happen, and no information will be returned, of course.

CC: Richard Henderson <rth@twiddle.net>
CC: Peter Maydell <peter.maydell@linaro.org>
CC: Edgar E. Iglesias <edgar.iglesias@gmail.com>
CC: Michael Walle <michael@walle.cc>
CC: Thomas Huth <huth@tuxfamily.org>
CC: Laurent Vivier <laurent@vivier.eu>
CC: Philippe Mathieu-Daudé <f4bug@amsat.org>
CC: Aleksandar Rikalo <aleksandar.rikalo@rt-rk.com>
CC: Aurelien Jarno <aurelien@aurel32.net>
CC: Jia Liu <proljc@gmail.com>
CC: David Gibson <david@gibson.dropbear.id.au>
CC: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
CC: BALATON Zoltan <balaton@eik.bme.hu>
CC: Christian Borntraeger <borntraeger@de.ibm.com>
CC: Thomas Huth <thuth@redhat.com>
CC: Artyom Tarasenko <atar4qemu@gmail.com>
CC: Fabien Chouteau <chouteau@adacore.com>
CC: KONRAD Frederic <frederic.konrad@adacore.com>
CC: Max Filippov <jcmvbkbc@gmail.com>
Reviewed-by: Aleksandar Rikalo <aleksandar.rikalo@rt-rk.com>
Signed-off-by: Michael Rolnik <mrolnik@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
Message-Id: <1580079311-20447-24-git-send-email-aleksandar.markovic@rt-rk.com>

23 months agotarget/mips: semihosting: Remove 'uhi_done' label in helper_do_semihosting()
Daniel Henrique Barboza [Mon, 6 Jan 2020 18:23:32 +0000 (15:23 -0300)] 
target/mips: semihosting: Remove 'uhi_done' label in helper_do_semihosting()

The label 'uhi_done' is a simple 'return' call and can
be removed for a bit more clarity in the code.

CC: Aurelien Jarno <aurelien@aurel32.net>
CC: Aleksandar Markovic <amarkovic@wavecomp.com>
CC: Aleksandar Rikalo <aleksandar.rikalo@rt-rk.com>
Reviewed-by: Aleksandar Markovic <amarkovic@wavecomp.com>
Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20200106182425.20312-7-danielhb413@gmail.com>

23 months agodisas: Add a field for target-dependant data to disassemble_info
Aleksandar Markovic [Fri, 24 Jan 2020 16:38:47 +0000 (17:38 +0100)] 
disas: Add a field for target-dependant data to disassemble_info

This patch adds a field "target_info" to the structure
disassemble_info. The purpose of this field is to enable targets
to pass to disassembler code any additional data thet deem suitable.

Reviewed-by: Aleksandar Rikalo <aleksandar.rikalo@rt-rk.com>
Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
Message-Id: <1579883929-1517-6-git-send-email-aleksandar.markovic@rt-rk.com>

23 months agotarget/mips: Rectify documentation on deprecating MIPS r4k machine
Aleksandar Markovic [Fri, 24 Jan 2020 16:38:43 +0000 (17:38 +0100)] 
target/mips: Rectify documentation on deprecating MIPS r4k machine

Correct file qemu-deprecated.texi with respect to the release since
MIPS r4k machine is deprecated from 4.2 to 5.0.

Fixes: d32dc61421b

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
Message-Id: <1579883929-1517-2-git-send-email-aleksandar.markovic@rt-rk.com>

23 months agotpm-ppi: page-align PPI RAM
Marc-André Lureau [Fri, 3 Jan 2020 07:39:59 +0000 (11:39 +0400)] 
tpm-ppi: page-align PPI RAM

post-copy migration fails on destination with error such as:
2019-12-26T10:22:44.714644Z qemu-kvm: ram_block_discard_range:
Unaligned start address: 0x559d2afae9a0

Use qemu_memalign() to constrain the PPI RAM memory alignment.

Cc: qemu-stable@nongnu.org
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Message-id: 20200103074000.1006389-3-marcandre.lureau@redhat.com

23 months agomigration/compress: compress QEMUFile is not writable
Wei Yang [Sat, 12 Oct 2019 02:39:31 +0000 (10:39 +0800)] 
migration/compress: compress QEMUFile is not writable

We open a file with empty_ops for compress QEMUFile, which means this is
not writable.

Signed-off-by: Wei Yang <richardw.yang@linux.intel.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
23 months agomigration: Simplify get_qlist
Eric Auger [Sat, 25 Jan 2020 17:24:49 +0000 (18:24 +0100)] 
migration: Simplify get_qlist

Instead of inserting read elements at the head and
then reversing the list, it is simpler to add
each element after the previous one. Introduce
QLIST_RAW_INSERT_AFTER helper and use it in
get_qlist().

Signed-off-by: Eric Auger <eric.auger@redhat.com>
Suggested-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
23 months agomultifd: Split multifd code into its own file
Juan Quintela [Wed, 22 Jan 2020 15:16:07 +0000 (16:16 +0100)] 
multifd: Split multifd code into its own file

Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
23 months agomultifd: Make multifd_load_setup() get an Error parameter
Juan Quintela [Wed, 12 Jun 2019 09:44:19 +0000 (11:44 +0200)] 
multifd: Make multifd_load_setup() get an Error parameter

We need to change the full chain to pass the Error parameter.

Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
23 months agomultifd: Make multifd_save_setup() get an Error parameter
Juan Quintela [Wed, 12 Jun 2019 09:33:27 +0000 (11:33 +0200)] 
multifd: Make multifd_save_setup() get an Error parameter

Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
23 months agomigration: Make checkpatch happy with comments
Juan Quintela [Wed, 22 Jan 2020 18:12:28 +0000 (19:12 +0100)] 
migration: Make checkpatch happy with comments

Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
23 months agomultifd: Use qemu_target_page_size()
Juan Quintela [Wed, 22 Jan 2020 16:46:30 +0000 (17:46 +0100)] 
multifd: Use qemu_target_page_size()

We will make it cpu independent.

Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
23 months agomultifd: multifd_send_sync_main only needs the qemufile
Juan Quintela [Wed, 22 Jan 2020 15:04:53 +0000 (16:04 +0100)] 
multifd: multifd_send_sync_main only needs the qemufile

Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
23 months agomultifd: multifd_queue_page only needs the qemufile
Juan Quintela [Wed, 22 Jan 2020 15:03:01 +0000 (16:03 +0100)] 
multifd: multifd_queue_page only needs the qemufile

Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
23 months agomultifd: multifd_send_pages only needs the qemufile
Juan Quintela [Wed, 22 Jan 2020 15:01:09 +0000 (16:01 +0100)] 
multifd: multifd_send_pages only needs the qemufile

Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
23 months agoram_addr: Split RAMBlock definition
Juan Quintela [Wed, 22 Jan 2020 14:58:57 +0000 (15:58 +0100)] 
ram_addr: Split RAMBlock definition

We need some of the fields without having to poison everything else.

Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
23 months agomigration/multifd: fix nullptr access in multifd_send_terminate_threads
Zhimin Feng [Fri, 10 Jan 2020 08:50:19 +0000 (16:50 +0800)] 
migration/multifd: fix nullptr access in multifd_send_terminate_threads

If the multifd_send_threads is not created when migration is failed,
multifd_save_cleanup would be called twice. In this senario, the
multifd_send_state is accessed after it has been released, the result
is that the source VM is crashing down.

Here is the coredump stack:
    Program received signal SIGSEGV, Segmentation fault.
    0x00005629333a78ef in multifd_send_terminate_threads (err=err@entry=0x0) at migration/ram.c:1012
    1012            MultiFDSendParams *p = &multifd_send_state->params[i];
    #0  0x00005629333a78ef in multifd_send_terminate_threads (err=err@entry=0x0) at migration/ram.c:1012
    #1  0x00005629333ab8a9 in multifd_save_cleanup () at migration/ram.c:1028
    #2  0x00005629333abaea in multifd_new_send_channel_async (task=0x562935450e70, opaque=<optimized out>) at migration/ram.c:1202
    #3  0x000056293373a562 in qio_task_complete (task=task@entry=0x562935450e70) at io/task.c:196
    #4  0x000056293373a6e0 in qio_task_thread_result (opaque=0x562935450e70) at io/task.c:111
    #5  0x00007f475d4d75a7 in g_idle_dispatch () from /usr/lib64/libglib-2.0.so.0
    #6  0x00007f475d4da9a9 in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0
    #7  0x0000562933785b33 in glib_pollfds_poll () at util/main-loop.c:219
    #8  os_host_main_loop_wait (timeout=<optimized out>) at util/main-loop.c:242
    #9  main_loop_wait (nonblocking=nonblocking@entry=0) at util/main-loop.c:518
    #10 0x00005629334c5acf in main_loop () at vl.c:1810
    #11 0x000056293334d7bb in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4471

If the multifd_send_threads is not created when migration is failed.
In this senario, we don't call multifd_save_cleanup in multifd_new_send_channel_async.

Signed-off-by: Zhimin Feng <fengzhimin1@huawei.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
23 months agomigration: Create migration_is_running()
Juan Quintela [Tue, 21 Jan 2020 14:39:23 +0000 (15:39 +0100)] 
migration: Create migration_is_running()

This function returns true if we are in the middle of a migration.
It is like migration_is_setup_or_active() with CANCELLING and COLO.
Adapt all callers that are needed.

Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
23 months agomigration-test: Make sure that multifd and cancel works
Juan Quintela [Wed, 18 Dec 2019 04:13:40 +0000 (05:13 +0100)] 
migration-test: Make sure that multifd and cancel works

Test that this sequence works:

- launch source
- launch target
- start migration
- cancel migration
- relaunch target
- do migration again

Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
23 months agomigration: Don't send data if we have stopped
Juan Quintela [Wed, 22 Jan 2020 10:36:12 +0000 (11:36 +0100)] 
migration: Don't send data if we have stopped

If we do a cancel, we got out without one error, but we can't do the
rest of the output as in a normal situation.

Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
23 months agoqemu-file: Don't do IO after shutdown
Juan Quintela [Wed, 18 Dec 2019 04:11:31 +0000 (05:11 +0100)] 
qemu-file: Don't do IO after shutdown

Be sure that we are not doing neither read/write after shutdown of the
QEMUFile.

Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
23 months agomultifd: Make sure that we don't do any IO after an error
Juan Quintela [Wed, 18 Dec 2019 04:12:36 +0000 (05:12 +0100)] 
multifd: Make sure that we don't do any IO after an error

Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
23 months agomigration-test: Use g_free() instead of free()
Juan Quintela [Mon, 20 Jan 2020 14:52:52 +0000 (15:52 +0100)] 
migration-test: Use g_free() instead of free()

Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
23 months agoMerge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into staging
Peter Maydell [Tue, 28 Jan 2020 17:09:36 +0000 (17:09 +0000)] 
Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into staging

Pull request

# gpg: Signature made Tue 28 Jan 2020 01:05:19 GMT
# gpg:                using RSA key F9B7ABDBBCACDF95BE76CBD07DEF8106AAFC390E
# gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>" [full]
# Primary key fingerprint: FAEB 9711 A12C F475 812F  18F2 88A9 064D 1835 61EB
#      Subkey fingerprint: F9B7 ABDB BCAC DF95 BE76  CBD0 7DEF 8106 AAFC 390E

* remotes/jnsnow/tags/ide-pull-request:
  tests/ide-test: Create a single unit-test covering more PRDT cases
  ide: Fix incorrect handling of some PRDTs in ide_dma_cb()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agoMerge remote-tracking branch 'remotes/rth/tags/pull-pa-20200127' into staging
Peter Maydell [Tue, 28 Jan 2020 15:11:04 +0000 (15:11 +0000)] 
Merge remote-tracking branch 'remotes/rth/tags/pull-pa-20200127' into staging

Improve LASI emulation
Add Artist graphics
Fix main memory allocation
Improve LDCW emulation wrt real hw

# gpg: Signature made Mon 27 Jan 2020 18:53:35 GMT
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* remotes/rth/tags/pull-pa-20200127:
  target/hppa: Allow, but diagnose, LDCW aligned only mod 4
  hw/hppa/machine: Map the PDC memory region with higher priority
  hw/hppa/machine: Restrict the total memory size to 3GB
  hw/hppa/machine: Correctly check the firmware is in PDC range
  hppa: Add emulation of Artist graphics
  seabios-hppa: update to latest version
  hppa: Switch to tulip NIC by default
  hppa: add emulation of LASI PS2 controllers
  ps2: accept 'Set Key Make and Break' commands
  hppa: Add support for LASI chip with i82596 NIC
  hw/hppa/dino.c: Improve emulation of Dino PCI chip

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23 months agotests/ide-test: Create a single unit-test covering more PRDT cases
Alexander Popov [Mon, 23 Dec 2019 17:51:17 +0000 (20:51 +0300)] 
tests/ide-test: Create a single unit-test covering more PRDT cases

Fuzzing the Linux kernel with syzkaller allowed to find how to crash qemu
using a special SCSI_IOCTL_SEND_COMMAND. It hits the assertion in
ide_dma_cb() introduced in the commit a718978ed58a in July 2015.
Currently this bug is not reproduced by the unit tests.

Let's improve the ide-test to cover more PRDT cases including one
that causes this particular qemu crash.

The test is developed according to the Programming Interface for
Bus Master IDE Controller (Revision 1.0 5/16/94).

Signed-off-by: Alexander Popov <alex.popov@linux.com>
Message-id: 20191223175117.508990-3-alex.popov@linux.com
Signed-off-by: John Snow <jsnow@redhat.com>
23 months agoide: Fix incorrect handling of some PRDTs in ide_dma_cb()
Alexander Popov [Mon, 23 Dec 2019 17:51:16 +0000 (20:51 +0300)] 
ide: Fix incorrect handling of some PRDTs in ide_dma_cb()

The commit a718978ed58a from July 2015 introduced the assertion which
implies that the size of successful DMA transfers handled in ide_dma_cb()
should be multiple of 512 (the size of a sector). But guest systems can
initiate DMA transfers that don't fit this requirement.

For fixing that let's check the number of bytes prepared for the transfer
by the prepare_buf() handler. The code in ide_dma_cb() must behave
according to the Programming Interface for Bus Master IDE Controller
(Revision 1.0 5/16/94):
1. If PRDs specified a smaller size than the IDE transfer
   size, then the Interrupt and Active bits in the Controller
   status register are not set (Error Condition).
2. If the size of the physical memory regions was equal to
   the IDE device transfer size, the Interrupt bit in the
   Controller status register is set to 1, Active bit is set to 0.
3. If PRDs specified a larger size than the IDE transfer size,
   the Interrupt and Active bits in the Controller status register
   are both set to 1.

Signed-off-by: Alexander Popov <alex.popov@linux.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-id: 20191223175117.508990-2-alex.popov@linux.com
Signed-off-by: John Snow <jsnow@redhat.com>
23 months agotarget/hppa: Allow, but diagnose, LDCW aligned only mod 4
Richard Henderson [Fri, 17 Jan 2020 01:46:38 +0000 (15:46 -1000)] 
target/hppa: Allow, but diagnose, LDCW aligned only mod 4

The PA-RISC 1.1 specification says that LDCW must be aligned mod 16
or the operation is undefined.  However, real hardware only generates
an unaligned access trap for unaligned mod 4.

Match real hardware, but diagnose with GUEST_ERROR a violation of
the specification.

At the same time fix a bug in the initialization of mop, where the
size was specified twice, and another to free the zero temporary.

Tested-by: Helge Deller <deller@gmx.de>
Reported-by: Helge Deller <deller@gmx.de>
Suggested-by: John David Anglin <dave.anglin@bell.net>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
23 months agohw/hppa/machine: Map the PDC memory region with higher priority
Philippe Mathieu-Daudé [Thu, 9 Jan 2020 00:05:25 +0000 (01:05 +0100)] 
hw/hppa/machine: Map the PDC memory region with higher priority

The region in range [0xf0000000 - 0xf1000000] is the PDC area
(Processor Dependent Code), where the firmware is loaded.
This region has higher priority than the main memory.

When the machine has more than 3840MB of RAM, there is an
overlap. Since the PDC is closer to the CPU in the bus
hierarchy, it gets accessed first, and the CPU does not have
access to the RAM in this range.

To model the same behavior and keep a simple memory layout,
reduce the priority of the RAM region. The PDC region ends
overlapping the RAM.

Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200109000525.24744-4-f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
23 months agohw/hppa/machine: Restrict the total memory size to 3GB
Philippe Mathieu-Daudé [Thu, 9 Jan 2020 00:05:24 +0000 (01:05 +0100)] 
hw/hppa/machine: Restrict the total memory size to 3GB

The hardware expects DIMM slots of 1 or 2 GB, allowing up to
4 GB of memory. We want to accept the same amount of memory the
hardware can deal with. DIMMs of 768MB are not available.

However we have to deal with a firmware limitation: currently
SeaBIOS only supports 32-bit, and expects the RAM size in a
32-bit register. When using a 4GB configuration, the 32-bit
register get truncated and we report a size of 0MB to SeaBIOS,
which ends halting the machine:

  $ qemu-system-hppa -m 4g -serial stdio

  SeaBIOS: Machine configured with too little memory (0 MB), minimum is 16 MB.

  SeaBIOS wants SYSTEM HALT.

The easiest way is to restrict the machine to 3GB of memory.

Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200109000525.24744-3-f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
23 months agohw/hppa/machine: Correctly check the firmware is in PDC range
Philippe Mathieu-Daudé [Thu, 9 Jan 2020 00:05:23 +0000 (01:05 +0100)] 
hw/hppa/machine: Correctly check the firmware is in PDC range

The firmware has to reside in the PDC range. If the Elf file
expects to load it below FIRMWARE_START, it is incorrect,
regardless the RAM size.

Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200109000525.24744-2-f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
23 months agohppa: Add emulation of Artist graphics
Sven Schnelle [Fri, 20 Dec 2019 21:15:11 +0000 (22:15 +0100)] 
hppa: Add emulation of Artist graphics

This adds emulation of Artist graphics good enough to get a text
console on both Linux and HP-UX. The X11 server from HP-UX also works.

Adjust boot-serial-test to disable graphics, so that SeaBIOS outputs
to the serial port, as expected by the test.

Signed-off-by: Sven Schnelle <svens@stackframe.org>
Message-Id: <20191220211512.3289-6-svens@stackframe.org>
[rth: Merge Helge's test for machine->enable_graphics]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
23 months agoseabios-hppa: update to latest version
Sven Schnelle [Fri, 20 Dec 2019 21:15:12 +0000 (22:15 +0100)] 
seabios-hppa: update to latest version

Helge Deller (13):
      Add PDC_MEM_MAP and ENTRY_INIT_SRCH_FRST for OSF/MkLinux
      Return non-existant BTLB for PDC_BLOCK_TLB
      Add serial, parallel and LAN port support of  LASI chip
      Implement ENTRY_IO_BBLOCK_IN IODC function
      Do not print \r on parisc SeaBIOS
      Fix serial ports and add PDC_MODEL functions for special instructions enablement
      Implement SeaBIOS returning additional addresses. Fixes HP-UX boot.
      Fix mod_pgs (number of pages) for graphic cards
      Merge pull request #3 from svenschnelle/sti
      Merge pull request #4 from svenschnelle/parisc-qemu-4.1.0
      parisc: Implement PDC rendenzvous
      parisc: Improve soft power button emulation
      parisc: Fix line wrapping in STI console code

Sven Schnelle (7):
      parisc: fix PDC info for graphics adapter
      parisc: add missing header guard to hppa.h
      parisc: add LASI PS/2 emulation.
      parisc: Add STI support
      parisc: wire up graphics console
      parisc: Add support for setting STI screen resolution
      parisc: support LASI RTC register

Required for STI and LASI support. Also adds a few Bugfixes.

Signed-off-by: Sven Schnelle <svens@stackframe.org>
Message-Id: <20191220211512.3289-7-svens@stackframe.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
23 months agohppa: Switch to tulip NIC by default
Helge Deller [Sat, 21 Dec 2019 22:25:30 +0000 (23:25 +0100)] 
hppa: Switch to tulip NIC by default

Most HP PA-RISC machines have a Digital DS21142/43 Tulip network card,
only some very latest generation machines have an e1000 NIC.
Since qemu now provides an emulated tulip card, use that one instead.

Signed-off-by: Helge Deller <deller@gmx.de>
Message-Id: <20191221222530.GB27803@ls3530.fritz.box>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
23 months agohppa: add emulation of LASI PS2 controllers
Sven Schnelle [Fri, 20 Dec 2019 21:15:10 +0000 (22:15 +0100)] 
hppa: add emulation of LASI PS2 controllers

Signed-off-by: Sven Schnelle <svens@stackframe.org>
Message-Id: <20191220211512.3289-5-svens@stackframe.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
23 months agops2: accept 'Set Key Make and Break' commands
Sven Schnelle [Fri, 20 Dec 2019 21:15:09 +0000 (22:15 +0100)] 
ps2: accept 'Set Key Make and Break' commands

HP-UX sends both the 'Set key make and break (0xfc) and
'Set all key typematic make and break' (0xfa). QEMU response
with 'Resend' as it doesn't handle these commands. HP-UX than
reports an PS/2 max retransmission exceeded error. Add these
commands and just reply with ACK.

Signed-off-by: Sven Schnelle <svens@stackframe.org>
Message-Id: <20191220211512.3289-4-svens@stackframe.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>